## <summary>Policy for terminals.</summary>
|
|
## <required val="true">
|
|
## Depended on by other required modules.
|
|
## </required>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Transform specified type into a pty type.
|
|
## </summary>
|
|
## <param name="pty_type">
|
|
## <summary>
|
|
## An object type that will be applied to a pty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_pty',`
	gen_require(`
		type devpts_t;
		attribute ptynode;
	')

	# dev_node is defined elsewhere; by its name it marks $1 as a device node.
	dev_node($1)

	# Tag $1 with ptynode so that every rule written against the
	# attribute also covers this type.
	typeattribute $1 ptynode;

	# Objects labeled $1 may be associated with the devpts filesystem.
	allow $1 devpts_t:filesystem associate;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Transform specified type into a user
|
|
## pty type. This allows it to be relabeled via
|
|
## type change by login programs such as ssh.
|
|
## </summary>
|
|
## <param name="userdomain">
|
|
## <summary>
|
|
## The type of the user domain associated with
|
|
## this pty.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="object_type">
|
|
## <summary>
|
|
## An object type that will be applied to a pty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_user_pty',`
	gen_require(`
		attribute server_ptynode;
	')

	# $2 has to be a pty type before it can be used as a relabel target.
	term_pty($2)

	# Label that login programs are told to use when they relabel a
	# server_ptynode character device on behalf of $1. type_change only
	# selects the label; the relabel itself still needs relabelfrom and
	# relabelto permission granted elsewhere.
	type_change $1 server_ptynode:chr_file $2;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Transform specified type into a pty type
|
|
## used by login programs, such as sshd.
|
|
## </summary>
|
|
## <param name="pty_type">
|
|
## <summary>
|
|
## An object type that will be applied to a pty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_login_pty',`
	gen_require(`
		attribute server_ptynode;
	')

	# Make $1 a regular pty type first.
	term_pty($1)

	# Membership in server_ptynode is what the type_change rule in
	# term_user_pty matches on as its source label.
	typeattribute $1 server_ptynode;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Transform specified type into a tty type.
|
|
## </summary>
|
|
## <param name="tty_type">
|
|
## <summary>
|
|
## An object type that will be applied to a tty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
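interface(`term_tty',`
	gen_require(`
		attribute ttynode, serial_device;
	')

	# Tag $1 so that rules written against ttynode or serial_device
	# also cover this type. Only the two attributes are required: the
	# body references no concrete type.
	typeattribute $1 ttynode, serial_device;

	# dev_node is defined elsewhere; by its name it marks $1 as a device node.
	dev_node($1)
')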
|
|
|
|
########################################
|
|
## <summary>
|
|
## Transform specified type into a user tty type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## User domain that is related to this tty.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="tty_type">
|
|
## <summary>
|
|
## An object type that will be applied to a tty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_user_tty',`
	gen_require(`
		type tty_device_t;
		type console_device_t;
		attribute ttynode;
	')

	# $2 has to be a tty type before it can be used as a relabel target.
	term_tty($2)

	# An unallocated tty handed to $1 is relabeled to $2. type_change only
	# selects the label for the login program; the relabel itself still
	# needs relabelfrom and relabelto permission granted elsewhere.
	type_change $1 tty_device_t:chr_file $2;

	# Debian login is from shadow utils and does not allow resetting the
	# perms; this still has to be fixed. Until then the rule below names
	# the whole ttynode attribute as the source label, so on Debian it is
	# not limited to unallocated ttys.
	ifdef(`distro_debian',`
		type_change $1 ttynode:chr_file $2;
	')

	tunable_policy(`login_console_enabled',`
		# When the user logs in from /dev/console, the console is
		# relabeled to the user tty type as well.
		type_change $1 console_device_t:chr_file $2;
	')
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_create_pty_dir',`
	gen_require(`
		type devpts_t;
	')

	# Permission to create directories labeled devpts_t.
	allow $1 devpts_t:dir create_dir_perms;

	# dev_filetrans is defined elsewhere; the arguments request that a
	# directory named "devpts" created by $1 be labeled devpts_t.
	# NOTE(review): the doc header speaks of /dev/pts while the object
	# name here is "devpts" - confirm the name is the intended one.
	dev_filetrans($1, devpts_t, dir, "devpts")
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create a pty in the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## The type of the process creating the pty.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="pty_type">
|
|
## <summary>
|
|
## The type of the pty.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_create_pty',`
	gen_require(`
		type ptmx_t;
		type devpts_t;
		type bsdpty_device_t;
	')

	# dev_list_all_dev_nodes is defined elsewhere; by its name it lets $1
	# list device nodes.
	dev_list_all_dev_nodes($1)

	# Read and write access to the pty multiplexor.
	allow $1 ptmx_t:chr_file rw_file_perms;

	# List /dev/pts and query the devpts filesystem.
	allow $1 devpts_t:dir list_dir_perms;
	allow $1 devpts_t:filesystem getattr;

	# dontaudit grants nothing; denied getattr, read and write on
	# bsdpty_device_t are simply kept out of the audit log.
	dontaudit $1 bsdpty_device_t:chr_file { getattr read write };

	# Character devices that $1 creates in a devpts_t directory are
	# labeled $2 instead of inheriting devpts_t.
	type_transition $1 devpts_t:chr_file $2;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write the console, all
|
|
## ttys and all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_write_all_terms',`
	gen_require(`
		type console_device_t;
		type tty_device_t;
		type devpts_t;
		attribute ttynode;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# Broad grant: the target set holds the console, unallocated ttys and
	# every type tagged ttynode or ptynode, so $1 can write to terminals
	# that belong to other sessions. Prefer a narrower interface when one
	# terminal type is enough.
	# NOTE(review): unlike term_use_all_terms, devpts_t is not part of the
	# chr_file target set here - confirm generic ptys are meant to be left out.
	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the console, all
|
|
## ttys and all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_terms',`
	gen_require(`
		type console_device_t;
		type tty_device_t;
		type devpts_t;
		attribute ttynode;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# Broad grant: read and write on the console, generic ptys,
	# unallocated ttys and every type tagged ttynode or ptynode. This
	# includes terminals of other sessions, so callers should be domains
	# that really need access to all of them.
	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the inherited console, all inherited
|
|
## ttys and ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_inherited_terms',`
	gen_require(`
		type console_device_t;
		type tty_device_t;
		type devpts_t;
		attribute ttynode;
		attribute ptynode;
	')

	# Same target set as term_use_all_terms, but with the
	# rw_inherited_term_perms set and without the rules for listing
	# device nodes or /dev/pts.
	allow $1 { devpts_t console_device_t tty_device_t ttynode ptynode }:chr_file rw_inherited_term_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to the console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_write_console',`
	gen_require(`
		type console_device_t;
	')

	# dev_list_all_dev_nodes is defined elsewhere; by its name it lets $1
	# list device nodes so the console node can be reached.
	dev_list_all_dev_nodes($1)

	# Write-only access to the console character device.
	allow $1 console_device_t:chr_file write_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read from the console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_read_console',`
	gen_require(`
		type console_device_t;
	')

	dev_list_all_dev_nodes($1)

	# Read-only access to the console character device. Input typed on
	# the console becomes readable by $1.
	allow $1 console_device_t:chr_file read_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read from the console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_dontaudit_read_console',`
	gen_require(`
		type console_device_t;
	')

	# dontaudit grants nothing; denied console reads by $1 are only kept
	# out of the audit log.
	dontaudit $1 console_device_t:chr_file read_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read from and write to the console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_console',`
	gen_require(`
		type console_device_t;
	')

	dev_list_all_dev_nodes($1)

	# Read and write access to the console character device.
	allow $1 console_device_t:chr_file rw_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read from
|
|
## or write to the console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_console',`
	gen_require(`
		type tty_device_t;
		type console_device_t;
	')

	# init_dontaudit_use_fds is defined elsewhere; by its name it silences
	# denials on file descriptors inherited from init.
	init_dontaudit_use_fds($1)

	# dontaudit grants nothing; it only keeps the denials out of the audit
	# log. Note that the second rule also covers unallocated ttys
	# (tty_device_t), which is wider than the interface name suggests.
	dontaudit $1 console_device_t:chr_file rw_inherited_chr_file_perms;
	dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of the console
|
|
## device node.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_console',`
	gen_require(`
		type console_device_t;
	')

	dev_list_all_dev_nodes($1)

	# setattr covers changes to the attributes of the console node, such
	# as its owner and mode.
	allow $1 console_device_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to the console type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_console',`
	gen_require(`
		type console_device_t;
	')

	dev_list_all_dev_nodes($1)

	# Relabeling changes which rules apply to the console afterwards, so
	# this interface should be limited to trusted login or labeling domains.
	allow $1 console_device_t:chr_file relabel_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create the console device (/dev/console).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_create_console_dev',`
	gen_require(`
		type console_device_t;
	')

	# dev_add_entry_generic_dirs is defined elsewhere; by its name it lets
	# $1 add entries to generic device directories.
	dev_add_entry_generic_dirs($1)

	# Creating a device node needs the mknod capability in addition to
	# create permission on the target label. The capability is not limited
	# to the console, so callers of this interface deserve review.
	allow $1 self:capability mknod;
	allow $1 console_device_t:chr_file create;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch the console device (/dev/console).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_console_dev',`
	gen_require(`
		type console_device_t;
	')

	# Let $1 place watches on the console device node
	# (permission set watch_chr_file_perms, defined elsewhere).
	allow $1 console_device_t:chr_file watch_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch_reads the console device (/dev/console).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_reads_console_dev',`
	gen_require(`
		type console_device_t;
	')

	# Let $1 place read watches on the console device node
	# (permission set watch_reads_chr_file_perms, defined elsewhere).
	allow $1 console_device_t:chr_file watch_reads_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of a pty filesystem
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_getattr_pty_fs',`
	gen_require(`
		type devpts_t;
	')

	# Query attributes of the devpts filesystem itself, not of the
	# pty nodes on it.
	allow $1 devpts_t:filesystem getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Mount a pty filesystem
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_mount_pty_fs',`
	gen_require(`
		type devpts_t;
	')

	# SELinux mount permission on the devpts filesystem label only; no
	# capability is granted by this interface.
	allow $1 devpts_t:filesystem mount;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Unmount a pty filesystem
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_unmount_pty_fs',`
	gen_require(`
		type devpts_t;
	')

	# SELinux unmount permission on the devpts filesystem label only; no
	# capability is granted by this interface.
	allow $1 devpts_t:filesystem unmount;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to pty filesystem.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_pty_fs',`
	gen_require(`
		type devpts_t;
	')

	dev_list_all_dev_nodes($1)

	# Both directions are granted on the filesystem class: relabel away
	# from devpts_t and relabel to devpts_t.
	allow $1 devpts_t:filesystem { relabelto relabelfrom };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_pty_dirs',`
	gen_require(`
		type devpts_t;
	')

	# dontaudit grants nothing; denied getattr on devpts_t directories is
	# only kept out of the audit log.
	dontaudit $1 devpts_t:dir getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search the contents of the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_search_ptys',`
	gen_require(`
		type devpts_t;
	')

	dev_list_all_dev_nodes($1)

	# Search only: $1 can traverse /dev/pts but this rule does not let it
	# list the directory contents.
	allow $1 devpts_t:dir search_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to search the
|
|
## contents of the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_search_ptys',`
	gen_require(`
		type devpts_t;
	')

	# dev_dontaudit_list_all_dev_nodes is defined elsewhere; by its name it
	# silences denied listings of device nodes.
	dev_dontaudit_list_all_dev_nodes($1)

	# dontaudit grants nothing; denied searches of /dev/pts are only kept
	# out of the audit log.
	dontaudit $1 devpts_t:dir search_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read the /dev/pts directory to
|
|
## list all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_list_ptys',`
	gen_require(`
		type devpts_t;
	')

	dev_list_all_dev_nodes($1)

	# Listing /dev/pts shows which ptys exist; it gives no access to the
	# pty nodes themselves.
	allow $1 devpts_t:dir list_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel the /dev/pts directory
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_ptys_dirs',`
	gen_require(`
		type devpts_t;
	')

	# Relabel permission on directories labeled devpts_t
	# (permission set relabel_dir_perms, defined elsewhere).
	allow $1 devpts_t:dir relabel_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read the
|
|
## /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_list_ptys',`
	gen_require(`
		type devpts_t;
	')

	# dontaudit grants nothing; denied getattr, search and read on
	# /dev/pts are only kept out of the audit log.
	dontaudit $1 devpts_t:dir { getattr search read };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to create, read,
|
|
## write, or delete the /dev/pts directory.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_manage_pty_dirs',`
	gen_require(`
		type devpts_t;
	')

	# dontaudit grants nothing. This one hides denied attempts to modify
	# /dev/pts as well as to read it, so such attempts by $1 leave no
	# audit record unless dontaudit rules are disabled (semodule -DB).
	dontaudit $1 devpts_t:dir manage_dir_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of generic pty devices.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_getattr_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	# getattr only, on pty nodes that carry the generic devpts_t label.
	allow $1 devpts_t:chr_file getattr;
')
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the attributes
|
|
## of generic pty devices.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	# dontaudit grants nothing; denied getattr on generic ptys is only
	# kept out of the audit log.
	dontaudit $1 devpts_t:chr_file getattr;
')
|
|
########################################
|
|
## <summary>
|
|
## ioctl of generic pty devices.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
# cjp: added for ppp
|
|
interface(`term_ioctl_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	dev_list_all_dev_nodes($1)

	# Traverse /dev/pts. The bare search permission is used here rather
	# than the search_dir_perms set used by term_search_ptys.
	allow $1 devpts_t:dir search;

	# ioctl only; no read or write on the generic pty nodes.
	allow $1 devpts_t:chr_file ioctl;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow setting the attributes of
|
|
## generic pty devices.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
# dwalsh: added for rhgb
|
|
interface(`term_setattr_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	# setattr only, on pty nodes that carry the generic devpts_t label.
	allow $1 devpts_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Dontaudit setting the attributes of
|
|
## generic pty devices.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
# dwalsh: added for rhgb
|
|
interface(`term_dontaudit_setattr_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	# dontaudit grants nothing; denied setattr on generic ptys is only
	# kept out of the audit log.
	dontaudit $1 devpts_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the generic pty
|
|
## type. This is generally only used in
|
|
## the targeted policy.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# Read and write on every pty still carrying the generic devpts_t
	# label, plus lock and append. Any pty that was never given a more
	# specific type is reachable through this rule.
	allow $1 devpts_t:chr_file { rw_term_perms lock append };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read and
|
|
## write the generic pty type. This is
|
|
## generally only used in the targeted policy.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_generic_ptys',`
	gen_require(`
		type devpts_t;
	')

	# init_dontaudit_use_fds is defined elsewhere; by its name it silences
	# denials on file descriptors inherited from init.
	init_dontaudit_use_fds($1)

	# dontaudit grants nothing; denied getattr, read, write and ioctl on
	# generic ptys are only kept out of the audit log.
	dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Set the attributes of the controlling terminal (/dev/tty).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_setattr_controlling_term',`
	gen_require(`
		type devtty_t;
	')

	dev_list_all_dev_nodes($1)

	# setattr on the node labeled devtty_t, the type this file also uses
	# for the controlling terminal in term_use_controlling_term.
	allow $1 devtty_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the controlling
|
|
## terminal (/dev/tty).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_controlling_term',`
	gen_require(`
		type devtty_t;
	')

	dev_list_all_dev_nodes($1)

	# Read and write on the controlling terminal node, plus lock and append.
	allow $1 devtty_t:chr_file { rw_term_perms lock append };
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Get the attributes of the pty multiplexor (/dev/ptmx).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_getattr_ptmx',`
	gen_require(`
		type ptmx_t;
	')

	# This is an allow rule: $1 is granted getattr on the pty multiplexor.
	allow $1 ptmx_t:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get attributes
|
|
## on the pty multiplexor (/dev/ptmx).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_ptmx',`
	gen_require(`
		type ptmx_t;
	')

	# dontaudit grants nothing; denied getattr on the pty multiplexor is
	# only kept out of the audit log.
	dontaudit $1 ptmx_t:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write the pty multiplexor (/dev/ptmx).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_ptmx',`
	gen_require(`
		type ptmx_t;
	')

	dev_list_all_dev_nodes($1)

	# Read and write on the pty multiplexor. The rule uses rw_file_perms,
	# the same set term_create_pty applies to ptmx_t.
	allow $1 ptmx_t:chr_file rw_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read and
|
|
## write the pty multiplexor (/dev/ptmx).
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_ptmx',`
	gen_require(`
		type ptmx_t;
	')

	# dontaudit grants nothing; denied getattr, read, write and ioctl on
	# the pty multiplexor are only kept out of the audit log.
	dontaudit $1 ptmx_t:chr_file { getattr read write ioctl };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all
|
|
## pty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_getattr_all_ptys',`
	gen_require(`
		type devpts_t;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# getattr on every type tagged ptynode, which includes ptys of
	# other sessions.
	allow $1 ptynode:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of any pty
|
|
## device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_all_ptys',`
	gen_require(`
		attribute ptynode;
	')

	# dontaudit grants nothing; denied getattr on any ptynode type is
	# only kept out of the audit log.
	dontaudit $1 ptynode:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of all
|
|
## pty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_all_ptys',`
	gen_require(`
		type devpts_t;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# setattr on every type tagged ptynode. Attribute changes such as
	# owner and mode then apply to ptys of other sessions as well.
	allow $1 ptynode:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel to all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabelto_all_ptys',`
	gen_require(`
		attribute ptynode;
	')

	# One direction only: $1 may give a character device any label that
	# is tagged ptynode. relabelfrom on the old label is not granted here.
	allow $1 ptynode:chr_file relabelto;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_write_all_ptys',`
	gen_require(`
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)

	# Write access to every type tagged ptynode, so output from $1 can
	# reach ptys of other sessions. No rule for /dev/pts itself is
	# included in this interface.
	allow $1 ptynode:chr_file write_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_ptys',`
	gen_require(`
		type devpts_t;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)
	allow $1 devpts_t:dir list_dir_perms;

	# Read and write on every type tagged ptynode, plus lock and append.
	# This reaches ptys of other sessions, so callers should be domains
	# that really need access to all of them.
	allow $1 ptynode:chr_file { rw_term_perms lock append };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all inherited ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
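interface(`term_use_all_inherited_ptys',`
	gen_require(`
		attribute ptynode;
	')

	# Access through the rw_inherited_term_perms set, plus lock, on every
	# type tagged ptynode. Only the attribute is required: the rule
	# references no concrete type and no /dev/pts directory access is
	# granted here.
	allow $1 ptynode:chr_file { rw_inherited_term_perms lock };
')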
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read or write any ptys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_all_ptys',`
	gen_require(`
		attribute ptynode;
	')

	# dontaudit grants nothing; denied use of any ptynode type by $1 is
	# only kept out of the audit log. When these denials matter for an
	# investigation, rebuild with dontaudit rules disabled (semodule -DB).
	dontaudit $1 ptynode:chr_file { rw_inherited_term_perms lock append };
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to all pty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_all_ptys',`
	gen_require(`
		type devpts_t;
		attribute ptynode;
	')

	dev_list_all_dev_nodes($1)

	# relabel_chr_files_pattern is defined elsewhere. The arguments name
	# devpts_t as the containing directory type and both ptynode and
	# devpts_t as the character device labels that may be relabeled.
	relabel_chr_files_pattern($1, devpts_t, { ptynode devpts_t } )
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all user
|
|
## pty device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_getattr_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_getattr_all_ptys() instead.')
	term_getattr_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of any user pty
|
|
## device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_dontaudit_getattr_all_ptys() instead.')
	term_dontaudit_getattr_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of all user
|
|
## pty device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_setattr_all_ptys() instead.')
	term_setattr_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel to all user ptys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabelto_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_relabelto_all_ptys() instead.')
	term_relabelto_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to all user ptys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_write_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_write_all_ptys() instead.')
	term_write_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all user ptys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_use_all_ptys() instead.')
	term_use_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read any
|
|
## user ptys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_dontaudit_use_all_ptys() instead.')
	term_dontaudit_use_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to all user
|
|
## pty device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_all_user_ptys',`
	# Deprecated alias: emit the deprecation message, then delegate to
	# the replacement, which covers every ptynode type.
	refpolicywarn(`$0 has been deprecated, use term_relabel_all_ptys() instead.')
	term_relabel_all_ptys($1)
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all unallocated
|
|
## tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_getattr_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	dev_list_all_dev_nodes($1)

	# getattr only, on ttys that still carry the tty_device_t label.
	allow $1 tty_device_t:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow open access for all unallocated
|
|
## tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_open_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	dev_list_all_dev_nodes($1)

	# open only. Read or write on the opened tty needs a separate rule.
	allow $1 tty_device_t:chr_file open;
')
|
|
|
|
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the attributes
|
|
## of all unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	# dontaudit grants nothing; denied getattr on unallocated ttys is
	# only kept out of the audit log.
	dontaudit $1 tty_device_t:chr_file getattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of all unallocated
|
|
## tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	dev_list_all_dev_nodes($1)

	# setattr only, on ttys that still carry the tty_device_t label.
	allow $1 tty_device_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to set the attributes
|
|
## of unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_setattr_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	# dontaudit grants nothing; denied setattr on unallocated ttys is
	# only kept out of the audit log.
	dontaudit $1 tty_device_t:chr_file setattr;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to ioctl
|
|
## unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_ioctl_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	# dontaudit grants nothing; denied ioctl calls on unallocated ttys
	# are only kept out of the audit log.
	dontaudit $1 tty_device_t:chr_file ioctl;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	# Let $1 place watches on unallocated tty nodes
	# (permission set watch_chr_file_perms, defined elsewhere).
	allow $1 tty_device_t:chr_file watch_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch_reads unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_reads_unallocated_ttys',`
	gen_require(`
		type tty_device_t;
	')

	# Let $1 place read watches on unallocated tty nodes
	# (permission set watch_reads_chr_file_perms, defined elsewhere).
	allow $1 tty_device_t:chr_file watch_reads_chr_file_perms;
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to the unallocated
|
|
## tty type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 tty_device_t:chr_file relabel_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Mount on unallocated tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_mounton_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
# mounton on a chr_file lets the caller use a tty_device_t node itself as a
# mount target. Unlike most interfaces in this file there is no
# dev_list_all_dev_nodes() call, so this rule is the only access granted here.
# NOTE(review): presumably callers get directory access from elsewhere; confirm.
allow $1 tty_device_t:chr_file mounton;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from all user tty types to
|
|
## the unallocated tty type.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_reset_tty_labels',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
type tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
# Asymmetric grant: relabelfrom applies to every type carrying the ttynode
# attribute, while relabelto (next rule) is limited to tty_device_t. Through
# this interface the caller can return a tty to the unallocated label but is
# not given relabelto on any other type.
allow $1 ttynode:chr_file relabelfrom;
|
|
allow $1 tty_device_t:chr_file relabelto;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Append to unallocated ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_append_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 tty_device_t:chr_file append_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to unallocated ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_write_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 tty_device_t:chr_file write_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write unallocated ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 tty_device_t:chr_file rw_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read or
|
|
## write unallocated ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_unallocated_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
')
|
|
|
|
init_dontaudit_use_fds($1)
|
|
dontaudit $1 tty_device_t:chr_file rw_inherited_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write USB tty character
|
|
## device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_usb_ttys',`
|
|
gen_require(`
|
|
type usbtty_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 usbtty_device_t:chr_file rw_chr_file_perms;
|
|
')
|
|
|
|
#######################################
|
|
## <summary>
|
|
## Setattr on USB tty character
|
|
## device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_setattr_usb_ttys',`
|
|
gen_require(`
|
|
type usbtty_device_t;
|
|
')
|
|
|
|
allow $1 usbtty_device_t:chr_file setattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_getattr_all_ttys',`
|
|
gen_require(`
|
|
type tty_device_t;
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 ttynode:chr_file getattr;
|
|
allow $1 tty_device_t:chr_file getattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of any tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
type tty_device_t;
|
|
')
|
|
|
|
# NOTE(review): dev_list_all_dev_nodes() is the same call the allow-style
# interfaces in this file make before their allow rules, so it presumably
# grants directory access rather than suppressing audit. If so, a caller of
# this dontaudit interface gains access that the summary does not mention.
# The other dontaudit interfaces here (for example
# term_dontaudit_setattr_unallocated_ttys) contain dontaudit rules only.
# Confirm against the dev_list_all_dev_nodes() definition.
dev_list_all_dev_nodes($1)
|
|
# Suppress audit records for getattr denials on every ttynode type and on
# tty_device_t; these two rules grant no access.
dontaudit $1 ttynode:chr_file getattr;
|
|
dontaudit $1 tty_device_t:chr_file getattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of all tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 ttynode:chr_file setattr;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to all tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
# relabel_chr_file_perms is a permission-set macro defined outside this view;
# per the summary above it covers relabeling both from and to. Applied to the
# ttynode attribute, that covers every tty type in both directions, which is
# broader than term_reset_tty_labels() (relabelto tty_device_t only).
allow $1 ttynode:chr_file relabel_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to all ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_write_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 ttynode:chr_file write_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 ttynode:chr_file rw_term_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all inherited ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_inherited_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 ttynode:chr_file rw_inherited_term_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read or write
|
|
## any ttys.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_all_ttys',`
|
|
gen_require(`
|
|
attribute ttynode;
|
|
')
|
|
|
|
# dontaudit grants nothing: it only stops the AVC denial from being logged.
# The rule covers every type carrying the ttynode attribute, for the
# permissions in rw_inherited_chr_file_perms (a set defined outside this view).
# Denials silenced here do not appear in the audit log; when investigating a
# domain that uses this interface, rebuild the policy with dontaudit rules
# disabled (semodule -DB) to make them visible again.
dontaudit $1 ttynode:chr_file rw_inherited_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Get the attributes of all user tty
|
|
## device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_getattr_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_getattr_all_ttys() instead.')
|
|
term_getattr_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to get the
|
|
## attributes of any user tty
|
|
## device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_getattr_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_dontaudit_getattr_all_ttys() instead.')
|
|
term_dontaudit_getattr_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Set the attributes of all user tty
|
|
## device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_setattr_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_setattr_all_ttys() instead.')
|
|
term_setattr_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Relabel from and to all user
|
|
## tty device nodes. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_relabel_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_relabel_all_ttys() instead.')
|
|
term_relabel_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Write to all user ttys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_write_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_write_all_ttys() instead.')
|
|
term_write_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read and write all user ttys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`term_use_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_use_all_ttys() instead.')
|
|
term_use_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read or write
|
|
## any user ttys. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_dontaudit_use_all_user_ttys',`
|
|
refpolicywarn(`$0() is deprecated, use term_dontaudit_use_all_ttys() instead.')
|
|
term_dontaudit_use_all_ttys($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch user tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_user_ttys',`
|
|
gen_require(`
|
|
type user_tty_device_t;
|
|
')
|
|
|
|
allow $1 user_tty_device_t:chr_file watch_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Watch_reads user tty device nodes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_watch_reads_user_ttys',`
|
|
gen_require(`
|
|
type user_tty_device_t;
|
|
')
|
|
|
|
allow $1 user_tty_device_t:chr_file watch_reads_chr_file_perms;
|
|
')
|
|
|
|
####################################
|
|
## <summary>
|
|
## Getattr on the virtio console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_getattr_virtio_console',`
|
|
gen_require(`
|
|
type virtio_device_t;
|
|
')
|
|
|
|
allow $1 virtio_device_t:chr_file getattr_chr_file_perms;
|
|
')
|
|
|
|
#####################################
|
|
## <summary>
|
|
## Read from and write to the virtio console.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_use_virtio_console',`
|
|
gen_require(`
|
|
type virtio_device_t;
|
|
')
|
|
|
|
dev_list_all_dev_nodes($1)
|
|
allow $1 virtio_device_t:chr_file rw_chr_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
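## Create all named terminal devices with the correct label.
## Transitions are keyed on the literal device names listed in the body,
## so a device name outside those lists (for example a higher index) is
## not covered by this interface.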
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`term_filetrans_all_named_dev',`
|
|
|
|
gen_require(`
|
|
type tty_device_t;
|
|
type bsdpty_device_t;
|
|
type console_device_t;
|
|
type ptmx_t;
|
|
type devtty_t;
|
|
type virtio_device_t;
|
|
type devpts_t;
|
|
type usbtty_device_t;
|
|
')
|
|
|
|
dev_filetrans($1, devtty_t, chr_file, "tty")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty10")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty11")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty12")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty13")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty14")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty15")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty16")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty17")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty18")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty19")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty20")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty21")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty22")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty23")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty24")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty25")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty26")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty27")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty28")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty29")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty30")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty31")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty32")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty33")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty34")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty35")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty36")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty37")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty38")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty39")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty40")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty41")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty42")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty43")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty44")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty45")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty46")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty47")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty48")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty49")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty50")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty51")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty52")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty53")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty54")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty55")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty56")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty57")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty58")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty59")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty60")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty61")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty62")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty63")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty64")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty65")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty66")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty67")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty68")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty69")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty70")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty71")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty72")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty73")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty74")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty75")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty76")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty77")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty78")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty79")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty80")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty81")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty82")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty83")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty84")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty85")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty86")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty87")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty88")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty89")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty90")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty91")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty92")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty93")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty94")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty95")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty96")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty97")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty98")
|
|
dev_filetrans($1, tty_device_t, chr_file, "tty99")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty10")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty11")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty12")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty13")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty14")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty15")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty16")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty17")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty18")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty19")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty20")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty21")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty22")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty23")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty24")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty25")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty26")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty27")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty28")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty29")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty30")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty31")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty32")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty33")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty34")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty35")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty36")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty37")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty38")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty39")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty40")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty41")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty42")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty43")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty44")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty45")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty46")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty47")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty48")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty49")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty50")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty51")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty52")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty53")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty54")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty55")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty56")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty57")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty58")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty59")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty60")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty61")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty62")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty63")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty64")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty65")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty66")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty67")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty68")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty69")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty70")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty71")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty72")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty73")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty74")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty75")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty76")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty77")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty78")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty79")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty80")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty81")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty82")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty83")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty84")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty85")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty86")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty87")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty88")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty89")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty90")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty91")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty92")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty93")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty94")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty95")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty96")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty97")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty98")
|
|
dev_filetrans($1, tty_device_t, chr_file, "pty99")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "adb9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "capi9")
|
|
dev_filetrans($1, console_device_t, chr_file, "console")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "cu9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "dcbri9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "vcsa")
|
|
dev_filetrans($1, tty_device_t, chr_file, "vcsb")
|
|
dev_filetrans($1, tty_device_t, chr_file, "vcsc")
|
|
dev_filetrans($1, tty_device_t, chr_file, "vcsd")
|
|
dev_filetrans($1, tty_device_t, chr_file, "vcse")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvc9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "hvsi9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ircomm9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "isdn9")
|
|
filetrans_pattern($1, devpts_t, ptmx_t, chr_file, "ptmx")
|
|
dev_filetrans($1, ptmx_t, chr_file, "ptmx")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "rfcomm9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "slamr9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyACM9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttyS9")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "ttySG9")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB0")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB1")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB2")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB3")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB4")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB5")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB6")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB7")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB8")
|
|
dev_filetrans($1, usbtty_device_t, chr_file, "ttyUSB9")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p0")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p1")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p2")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p3")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p4")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p5")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p6")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p7")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p8")
|
|
dev_filetrans($1, virtio_device_t, chr_file, "vport0p9")
|
|
dev_filetrans($1, devpts_t, dir, "pts")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc0")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc1")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc2")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc3")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc4")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc5")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc6")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc7")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc8")
|
|
dev_filetrans($1, tty_device_t, chr_file, "xvc9")
|
|
')
|